From c6aa14724579c198a746d62ed60a89127f53c2cf Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Mon, 29 Oct 2012 19:38:34 +0100 Subject: [PATCH] Added documentation on detecting libgnutls-dane. --- .gitignore | 2 ++ NEWS | 2 ++ doc/cha-cert-auth.texi | 25 +++++++++++++++++++++++-- doc/invoke-danetool.texi | 18 +----------------- 4 files changed, 28 insertions(+), 19 deletions(-) diff --git a/.gitignore b/.gitignore index 743a7f901..fbef9cecf 100644 --- a/.gitignore +++ b/.gitignore @@ -119,6 +119,7 @@ doc/latex/gnutls.lot doc/manpages/Makefile doc/manpages/Makefile.in doc/manpages/certtool.1 +doc/manpages/danetool.1 doc/manpages/gnutls-cli-debug.1 doc/manpages/gnutls-cli.1 doc/manpages/gnutls-serv.1 @@ -597,6 +598,7 @@ tests/mini-handshake-timeout tests/mini-x509-callbacks doc/manpages/stamp_mans libdane/libgnutls-dane.la +libdane/gnutls-dane.pc doc/latex/dane-api.tex src/libcmd-danetool.la src/danetool diff --git a/NEWS b/NEWS index aa242d8fc..b7301b3f1 100644 --- a/NEWS +++ b/NEWS @@ -13,6 +13,8 @@ the available revocation data validity. ** danetool: Corrected bug that prevented loading PEM files. +** libgnutls-dane: Added pkg-config file for the library. + ** API and ABI modifications: gnutls_session_get_id2: Added GNUTLS_CERT_REVOCATION_DATA_TOO_OLD: Added. diff --git a/doc/cha-cert-auth.texi b/doc/cha-cert-auth.texi index 7e62365dc..cb395cbd1 100644 --- a/doc/cha-cert-auth.texi +++ b/doc/cha-cert-auth.texi @@ -500,8 +500,29 @@ in addition to the verification by commercial CA infrastructure or could even replace it where DNSSEC is deployed. The DANE functionality is provided by the @code{libgnutls-dane} library that is shipped -with GnuTLS and the function prototypes are in @code{gnutls/dane.h}. The -high level verification functions are shown below. +with GnuTLS and the function prototypes are in @code{gnutls/dane.h}. + +@subsubheading Using the DANE library +Since the DANE library is not included in GnuTLS it requires programs +to be linked against it. This can be achieved with the following commands. + +@example +gcc -o foo foo.c `pkg-config gnutls-dane --cflags --libs` +@end example + +When a program uses the GNU autoconf system, then the following +line or similar can be used to detect the presence of the library. + +@example +PKG_CHECK_MODULES([LIBDANE], [gnutls-dane >= 3.0.0]) + +AC_SUBST([LIBDANE_CFLAGS]) +AC_SUBST([LIBDANE_LIBS]) +@end example + +@subsubheading DANE library functionality + +The library provides high level verification functions which are shown below. @showfuncdesc{dane_verify_crt} diff --git a/doc/invoke-danetool.texi b/doc/invoke-danetool.texi index 667e6a0c5..636ab982a 100644 --- a/doc/invoke-danetool.texi +++ b/doc/invoke-danetool.texi @@ -7,7 +7,7 @@ # # DO NOT EDIT THIS FILE (invoke-danetool.texi) # -# It has been AutoGen-ed October 13, 2012 at 10:33:54 PM by AutoGen 5.16 +# It has been AutoGen-ed October 29, 2012 at 07:37:13 PM by AutoGen 5.16 # From the definitions ../src/danetool-args.def # and the template file agtexi-cmd.tpl @end ignore @@ -51,9 +51,6 @@ USAGE: danetool [ - [] | --[@{=| @}] ]... --inder Use DER format for input certificates and private keys. - disabled as --no-inder --inraw This is an alias for 'inder' - --outder Use DER format for output certificates and private keys - - disabled as --no-outder - --outraw This is an alias for 'outder' --tlsa-rr Print the DANE RR data on a certificate or public key - requires these options: host @@ -122,19 +119,6 @@ certificates), when reading in DER format a single data structure is read. This is an alias for the inder option, @pxref{danetool inder, the inder option documentation}. -@anchor{danetool outder} -@subheading outder option -@cindex danetool-outder - -This is the ``use der format for output certificates and private keys'' option. -The output will be in DER or RAW format. -@anchor{danetool outraw} -@subheading outraw option -@cindex danetool-outraw - -This is an alias for the outder option, -@pxref{danetool outder, the outder option documentation}. - @anchor{danetool tlsa-rr} @subheading tlsa-rr option @cindex danetool-tlsa-rr -- 2.11.4.GIT